Upgrade to PRO for Only $50/Year—Limited-Time Offer! 🔥

EASM mistakes waiting to happen

Avatar for JR0ch17 JR0ch17
January 25, 2022
Technology
0
46

EASM mistakes waiting to happen

Avatar for JR0ch17

JR0ch17

January 25, 2022
Tweet

More Decks by JR0ch17

See All by JR0ch17
Traversing my way in the internal network
Avatar for JR0ch17 jr0ch17
0
160
Getting Started in Bug Bounty
Avatar for JR0ch17 jr0ch17
0
140
Getting Blindly Lucky
Avatar for JR0ch17 jr0ch17
0
84
Qu'est-ce que le bug bounty?
Avatar for JR0ch17 jr0ch17
0
130
Finding 5 bugs in a single parameter
Avatar for JR0ch17 jr0ch17
0
94
Beyond the Borders of Scope
Avatar for JR0ch17 jr0ch17
1
81
Bad API, hAPI Hackers!
Avatar for JR0ch17 jr0ch17
0
1.6k

Other Decks in Technology

See All in Technology
たまに起きる外部サービスの障害に備えたり備えなかったりする話
Avatar for Sohei Iwahori egmc
0
400
SQLだけでマイグレーションしたい!
Avatar for MakKi makki_d
0
1.2k
Amazon Bedrock Knowledge Bases × メタデータ活用で実現する検証可能な RAG 設計
Avatar for Tomoaki tomoaki25
6
2.2k
子育てで想像してなかった「見えないダメージ」 / Unforeseen "hidden burdens" of raising children.
Avatar for Pauli pauli
2
320
"人"が頑張るAI駆動開発
Avatar for yoko yokomachi
1
120
ソフトウェアエンジニアとAIエンジニアの役割分担についてのある事例
Avatar for KNOWLEDGE WORK / 株式会社ナレッジワーク kworkdev
PRO
0
210
Bedrock AgentCore Evaluationsで学ぶLLM as a judge入門
Avatar for ShichijoYuhi shichijoyuhi
2
220
AIエージェント開発と活用を加速するワークフロー自動生成への挑戦
Avatar for shibuiwilliam shibuiwilliam
4
830
AI駆動開発の実践とその未来
Avatar for Ikko Eltociear Ashimine eltociear
1
480
AWSの新機能をフル活用した「re:Inventエージェント」開発秘話
Avatar for みのるん minorun365
2
430
[Neurogica] 採用ポジション/ Recruitment Position
Avatar for Neurogica neurogica
1
110
Amazon Connect アップデート! AIエージェントにMCPツールを設定してみた!
Avatar for Yosuke Suzuki ysuzuki
0
130

Featured

See All Featured
職位にかかわらず全員がリーダーシップを発揮するチーム作り / Building a team where everyone can demonstrate leadership regardless of position
Avatar for MADOX madoxten
50
42k
How to Grow Your eCommerce with AI & Automation
Avatar for Katarina Dahlin katarinadahlin
PRO
0
75
Building Applications with DynamoDB
Avatar for Matt Wood mza
96
6.8k
How to Align SEO within the Product Triangle To Get 
Buy-In & Support - #RIMC
Avatar for Aleyda Solis aleyda
1
1.3k
What the history of the web can teach us about the future of AI
Avatar for Ines Montani inesmontani
PRO
0
370
The Curse of the Amulet
Avatar for Matthew Lei leimatthew05
0
4.7k
コードの90%をAIが書く世界で何が待っているのか / What awaits us in a world where 90% of the code is written by AI
Avatar for r-kagaya rkaga
57
37k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
Avatar for Eileen M. Uchitelle eileencodes
26
3.3k
The AI Revolution Will Not Be Monopolized: How open-source beats economies of scale, even for LLMs
Avatar for Ines Montani inesmontani
PRO
2
2.8k
Leveraging Curiosity to Care for An Aging Population
Avatar for Cassini Nazir cassininazir
1
130
Max Prin - Stacking Signals: How International SEO Comes Together (And Falls Apart)
Avatar for Tech SEO Connect techseoconnect
PRO
0
49
SEOcharity - Dark patterns in SEO and UX: How to avoid them and build a more ethical web
Avatar for Sara Fernández Carmona sarafernandez
0
88

Transcript

  1. EASM mistakes waiting to happen

  2. GET /whoami HTTP/2 Jasmin Landry JR0ch17 Lead, IT & Security

    at Montreal Canadiens fan

  3. GET /agenda HTTP/2 EASM Common mistakes Hacker perspective

  4. GET /EASM HTTP/2 What exactly is EASM? What does it

    cover? Why is it important?

  5. GET /common_mistakes HTTP/2 Lack of Change Management Not respecting Least

    Privilege Misconfigured WAFs Cloud misconfigs (S3 buckets)

  6. GET /hacker_perspective HTTP/2 • Subdomains • IPs • TLS certificates

    • Third-party apps Recon EVERYTHING • Monitor for new assets • Monitor any change Continuous Monitoring

  7. GET /thanks HTTP/2 Thank you for listening Questions? More questions?

    DMs are open on and